Healthcare systems were held hostage by WannaCry in May 2017. The ransomware attack painted a vivid picture of what a digital-borne threat can do to paralyze real-world processes, including actual hospital procedures such as life-saving surgeries. This IT security nightmare prompted discussions specific to the problem of securing connected hospitals. While patients get better and more efficient services when healthcare facilities adopt new technologies, add smart devices, and embrace new partnerships, the digital attack surface becomes broader as well.

To shed light on healthcare network risks that are not getting enough attention, we partnered with HITRUST for the research paper Securing Connected Hospitals. Trend Micro Forward-Looking threat researchers explored two aspects: exposed connected medical systems and devices, and supply chain cyberthreats.

Our previous studies regarding exposed devices in internet of things (IoT) or industrial internet of things (IIoT) environments in different states and sectors in the United States, and subsequently in different countries in Western Europe, were a wakeup call for organizations who are not sufficiently securing connected printers, webcams, databases, and even ports. The risk is much more nuanced in the healthcare industry.

We discovered exposed medical systems — including those that store medical-related images, healthcare software interfaces, and even misconfigured hospital networks — which should not be viewable publicly. While a device or system being exposed does not necessarily mean that it is vulnerable, exposed devices and systems can potentially be used by cybercriminals and other threat actors to penetrate into organizations, steal data, run botnets, install ransomware, and so on. Furthermore, it shows that a massive amount of sensitive information is publicly available when they shouldn’t be.

View infographic: Who do You Trust? Supply Chain Challenges in Connected Hospitals

Supply chain threats, likewise, are potential risks associated with suppliers of goods and services to healthcare organizations: A perpetrator can exfiltrate confidential/sensitive information, introduce an unwanted function or design, disrupt daily operations, manipulate data, install malicious software, introduce counterfeit devices, and affect business continuity. The healthcare industry is more dependent than ever on cloud-based systems, third-party service providers, and vendors in the supply chain. With that in mind, we examined the different entry points that can render a network susceptible to a supply chain attack, and the different kinds of attacks that can be deployed by cybercriminals.

After identifying exposure and supply chain risks, we performed a DREAD threat modeling exercise on healthcare networks in order to understand where, among various threats, the greatest risk lies.

Through this research, we sought to arm healthcare IT security teams with a broader perspective about the kinds of threats that they should defend their networks against. Most importantly, we have provided a set of actionable recommendations, technical and non-technical, to address exposure and supply chain risks. To gain more insight into threats to healthcare-related systems and security measures to address these threats, read our research paper, Securing Connected Hospitals.

2019 SECURITY PREDICTIONS

Our security predictions for 2019 are based on our experts’ analysis of the progress of current and emerging technologies, user behavior, and market trends, and their impact on the threat landscape.View the 2019 Security Predictions

2018 MIDYEAR SECURITY ROUNDUP

A review of the first half of 2018 shows a threat landscape that not only has constant and familiar features but also has morphing and uncharted facets: Ever-present threats steadily grew while emerging ones used stealth. View the 2018 Midyear Security Roundup